Would ttl of 10sec cause bind problems?

Brad Knowles brad.knowles at skynet.be
Thu Aug 2 20:01:22 UTC 2001


At 8:43 AM +0100 8/2/01, Matt Edwell wrote:

>  Our dns servers are having a problem resolving anything in the yell.com
>  domain and the only reason that I can think of is that all records in this
>  zone have a ttl of 10 sec - is there some kind of default setting in bind
>  (v8 and 9) that will cause such a problem?

	A TTL of just ten seconds can definitely cause some problems, but 
I checked out their zone with a fully licensed copy of DNS Expert 
Professional 1.6 from Men & Mice (see 
<http://www.menandmice.com/2000/2100_dns_expert.html>), and I noted a 
hell of a lot of other things that they've got wrong:

                               DNS Expert
                     Detailed Report for yell.com.
        8/2/01, 9:37 PM, using the analysis setting "Everything"
======================================================================

Information
----------------------------------------------------------------------
Serial number:           2001080201
Primary name server:     redgate.yellowpages.co.uk.
Primary mail server:     mailhub1.yellgroup.com.
Number of records:       35 (2 NS, 4 MX, 26 A, 3 CNAME, 0 PTR, 0
                          Other)


Errors
----------------------------------------------------------------------
o The server "redgate2.yellowpages.co.uk." did not reply
     The server "redgate2.yellowpages.co.uk." did not reply when it
     was queried for the name "yell.com.".  This indicates that the
     server is not running, or it is currently unreachable.

o Only one of your name servers has autoritative data for the zone.
     The server "redgate.yellowpages.co.uk." is the only server that
     has authoritaive data for the zone.  If this server becomes
     unavailable, your domain will become inacessible.

o There is no PTR record for the host "greengate.yell.com."
     There is no PTR record available for the host
     "greengate.yell.com." which has the IP address 194.72.108.1.

o Lame delegation received from "ns1.bt.net." for
   "108.72.194.in-addr.arpa."
     The server "ns1.bt.net." is listed as being authoritative for
     "108.72.194.in-addr.arpa.", but "ns1.bt.net." does not contain
     authoritative data for the zone.

o There is no PTR record for the host "www.yell.com."
     There is no PTR record available for the host "www.yell.com."
     which has the IP address 194.72.108.2.

o There is no PTR record for the host "echannel.yell.com."
     There is no PTR record available for the host
     "echannel.yell.com." which has the IP address 194.72.108.9.

o There is no PTR record for the host "sites.yell.com."
     There is no PTR record available for the host "sites.yell.com."
     which has the IP address 194.72.108.10.

o There is no PTR record for the host "websearch.yell.com."
     There is no PTR record available for the host
     "websearch.yell.com." which has the IP address 194.72.108.20.

o There is no PTR record for the host "target.yell.com."
     There is no PTR record available for the host "target.yell.com."
     which has the IP address 194.72.108.22.

o There is no PTR record for the host "search.yell.com."
     There is no PTR record available for the host "search.yell.com."
     which has the IP address 194.72.108.35.

o There is no PTR record for the host "search2.yell.com."
     There is no PTR record available for the host "search2.yell.com."
     which has the IP address 194.72.108.40.

o There is no PTR record for the host "ag.yell.com."
     There is no PTR record available for the host "ag.yell.com."
     which has the IP address 194.72.108.43.

o There is no PTR record for the host "maps.us.yell.com."
     There is no PTR record available for the host "maps.us.yell.com."
     which has the IP address 194.72.108.167.

o There is no PTR record for the host "banners.yell.com."
     There is no PTR record available for the host "banners.yell.com."
     which has the IP address 194.72.108.245.

o There is no PTR record for the host "ypftp2.yell.com."
     There is no PTR record available for the host "ypftp2.yell.com."
     which has the IP address 194.72.109.100.

o There is no PTR record for the host "us.yell.com."
     There is no PTR record available for the host "us.yell.com."
     which has the IP address 194.72.109.101.

o There is no PTR record for the host "internet-gw.yell.com."
     There is no PTR record available for the host
     "internet-gw.yell.com." which has the IP address 194.74.151.193.

o The reverse record "200.151.74.194.in-addr.arpa." does not refer to
   the host "redgate.yell.com."
     The reverse record "200.151.74.194.in-addr.arpa." refers to
     "redgate.yellowpages.co.uk.", but it should refer to
     "redgate.yell.com.".

o The reverse record "92.71.8.195.in-addr.arpa." does not refer to
   the host "awards.yell.com."
     The reverse record "92.71.8.195.in-addr.arpa." refers to
     "cation.positive-internet.com.", but it should refer to
     "awards.yell.com.".

o There is no PTR record for the host "finance.yell.com."
     There is no PTR record available for the host "finance.yell.com."
     which has the IP address 195.92.244.173.

o The reverse record "227.253.92.195.in-addr.arpa." does not refer to
   the host "travel-guides.yell.com."
     The reverse record "227.253.92.195.in-addr.arpa." refers to
     "columbus-com-01.whoc.theplanet.net.", but it should refer to
     "travel-guides.yell.com.".

o The reverse record "227.253.92.195.in-addr.arpa." does not refer to
   the host "www.travel-guides.yell.com."
     The reverse record "227.253.92.195.in-addr.arpa." refers to
     "columbus-com-01.whoc.theplanet.net.", but it should refer to
     "www.travel-guides.yell.com.".

o Lame delegation received from "auth3.dns.gxn.net." for
   "0-63.167.224.195.in-addr.arpa."
     The server "auth3.dns.gxn.net." is listed as being authoritative
     for "0-63.167.224.195.in-addr.arpa.", but "auth3.dns.gxn.net."
     does not contain authoritative data for the zone.

o Lame delegation received from "auth4.dns.gxn.net." for
   "0-63.167.224.195.in-addr.arpa."
     The server "auth4.dns.gxn.net." is listed as being authoritative
     for "0-63.167.224.195.in-addr.arpa.", but "auth4.dns.gxn.net."
     does not contain authoritative data for the zone.

o Lame delegation received from "auth1.dns.gxn.net." for
   "0-63.167.224.195.in-addr.arpa."
     The server "auth1.dns.gxn.net." is listed as being authoritative
     for "0-63.167.224.195.in-addr.arpa.", but "auth1.dns.gxn.net."
     does not contain authoritative data for the zone.

o Lame delegation received from "auth2.dns.gxn.net." for
   "0-63.167.224.195.in-addr.arpa."
     The server "auth2.dns.gxn.net." is listed as being authoritative
     for "0-63.167.224.195.in-addr.arpa.", but "auth2.dns.gxn.net."
     does not contain authoritative data for the zone.

o There is no PTR record for the host "us.yell.com."
     There is no PTR record available for the host "us.yell.com."
     which has the IP address 217.33.38.2.

o There is no PTR record for the host "www.yell.com."
     There is no PTR record available for the host "www.yell.com."
     which has the IP address 217.33.39.103.


Warnings
----------------------------------------------------------------------
o The TTL field in the SOA record contains an unusually low value
     The value 10 of the TTL field in the SOA record field is
     unusually low.  The value for this field should be within the
     range 3600 - 172800.

o The Minimum TTL field in the SOA record contains an unusually low
   value
     The value 10 of the Minimum field in the SOA record is unusually
     low.  The value for this field should be within the range 3600 -
     172800.

o The zone contains more than one A record with the address
   195.92.253.227
     There is more than one A record in the zone with the IP address
     195.92.253.227.

o The zone contains more than one A record with the address
   194.72.108.2
     There is more than one A record in the zone with the IP address
     194.72.108.2.

o There is more than one A record with the name "us.yell.com."
     The zone contains multiple A records with the name "us.yell.com.".

o The zone contains more than one A record with the address
   194.72.108.10
     There is more than one A record in the zone with the IP address
     194.72.108.10.

o There is more than one A record with the name "www.yell.com."
     The zone contains multiple A records with the name
     "www.yell.com.".

o The zone contains more than one MX record with the same preference
     The zone contains MX records (referring to "relay1.bt.net." and
     "relay2.bt.net.") with the same preference (preference value 30).

o The zone contains no A record with the zone name
     There is no A record in the zone with the zone name "yell.com."

o Lame delegation received from "ns1.bt.net." for
   "108.72.194.in-addr.arpa."
     The server "ns1.bt.net." is listed by "ns.ripe.net." as being
     authoritative for "108.72.194.in-addr.arpa.", but "ns1.bt.net."
     does not contain authoritative data for the zone.


----------------------------------------------------------------------
end of report


	As a result, I decided to throw the latest version of "doc" at 
the zone, as well:

% doc -d yell.com
Doc-2.2.3: doc -d yell.com
Doc-2.2.3: Starting test of yell.com.   parent is com.
Doc-2.2.3: Test date - Thu Aug  2 15:38:22 EDT 2001
DEBUG: digging @a.gtld-servers.net. for soa of com.
soa @a.gtld-servers.net. for com. has serial: 2001080200
DEBUG: digging @b.gtld-servers.net. for soa of com.
soa @b.gtld-servers.net. for com. has serial:
WARNING: no SOA record for com. from b.gtld-servers.net.
DEBUG: digging @c.gtld-servers.net. for soa of com.
soa @c.gtld-servers.net. for com. has serial: 2001080200
DEBUG: digging @d.gtld-servers.net. for soa of com.
soa @d.gtld-servers.net. for com. has serial: 2001080101
DEBUG: digging @e.gtld-servers.net. for soa of com.
soa @e.gtld-servers.net. for com. has serial: 2001080200
DEBUG: digging @f.gtld-servers.net. for soa of com.
soa @f.gtld-servers.net. for com. has serial: 2001080101
DEBUG: digging @g.gtld-servers.net. for soa of com.
soa @g.gtld-servers.net. for com. has serial: 2001080101
DEBUG: digging @h.gtld-servers.net. for soa of com.
soa @h.gtld-servers.net. for com. has serial: 2001080200
DEBUG: digging @i.gtld-servers.net. for soa of com.
soa @i.gtld-servers.net. for com. has serial: 2001080200
DEBUG: digging @j.gtld-servers.net. for soa of com.
soa @j.gtld-servers.net. for com. has serial: 2001080200
DEBUG: digging @k.gtld-servers.net. for soa of com.
soa @k.gtld-servers.net. for com. has serial: 2001080200
DEBUG: digging @l.gtld-servers.net. for soa of com.
soa @l.gtld-servers.net. for com. has serial: 2001080101
DEBUG: digging @m.gtld-servers.net. for soa of com.
soa @m.gtld-servers.net. for com. has serial: 2001080101
WARNING: Found 2 unique SOA serial #'s for com.
Found 2 NS and 0 glue records for yell.com. @a.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @c.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @d.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @e.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @f.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @g.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @h.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @i.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @j.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @k.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @l.gtld-servers.net. (non-AUTH)
Found 2 NS and 0 glue records for yell.com. @m.gtld-servers.net. (non-AUTH)
DNServers for com.
    === 0 were also authoritatve for yell.com.
    === 12 were non-authoritative for yell.com.
Servers for com. (not also authoritative for yell.com.)
    === agree on NS records for yell.com.
DEBUG: domserv = redgate.yellowpages.co.uk. redgate2.yellowpages.co.uk.
NS list summary for yell.com. from parent (com.) servers
   == redgate.yellowpages.co.uk. redgate2.yellowpages.co.uk.
digging @redgate.yellowpages.co.uk. for soa of yell.com.
soa @redgate.yellowpages.co.uk. for yell.com. serial: 2001080201
digging @redgate2.yellowpages.co.uk. for soa of yell.com.
soa @redgate2.yellowpages.co.uk. for yell.com. serial:
ERROR: no SOA record for yell.com. from redgate2.yellowpages.co.uk.
NS list from yell.com. authoritative servers matches list from
   === parent (com.) servers not authoritative for yell.com.
Checking 0 potential addresses for hosts at yell.com.
   ==
Summary:
    ERRORS found for yell.com. (count: 1)
    WARNINGS issued for yell.com. (count: 2)
Done testing yell.com.  Thu Aug  2 15:38:47 EDT 2001

	And now, dnswalk:

% dnswalk -alF yell.com.
Checking yell.com.
Getting zone transfer of yell.com. from redgate.yellowpages.co.uk...done.
SOA=redgate.yellowpages.co.uk   contact=postmaster.yellowpages.co.uk
FAIL: Cannot get SOA record for yell.com from redgate2.yellowpages.co.uk (lame?): query timed out
WARN: ag.yell.com A 194.72.108.43: no PTR record
WARN: finance.yell.com A 195.92.244.173: no PTR record
WARN: wap.yell.com A 194.72.108.2: no PTR record
WARN: ypftp2.yell.com A 194.72.109.100: no PTR record
WARN: sites.yell.com A 194.72.108.10: no PTR record
WARN: internet-gw.yell.com A 194.74.151.193: no PTR record
WARN: gatekeeper.yell.com A 194.72.108.2: no PTR record
WARN: search2.yell.com A 194.72.108.40: no PTR record
WARN: websearch.yell.com A 194.72.108.20: no PTR record
WARN: uk.yell.com A 194.72.108.2: no PTR record
WARN: greengate.yell.com A 194.72.108.1: no PTR record
WARN: us.yell.com A 194.72.109.101: no PTR record
WARN: us.yell.com A 217.33.38.2: no PTR record
WARN: maps.us.yell.com A 194.72.108.167: no PTR record
WARN: offer.yell.com A 195.224.167.4: no PTR record
WARN: uk2.yell.com A 194.72.108.10: no PTR record
WARN: echannel.yell.com A 194.72.108.9: no PTR record
WARN: www.yell.com A 194.72.108.2: no PTR record
WARN: www.yell.com A 217.33.39.103: no PTR record
WARN: banners.yell.com A 194.72.108.245: no PTR record
WARN: search.yell.com A 194.72.108.35: no PTR record
WARN: target.yell.com A 194.72.108.22: no PTR record
1 failures, 22 warnings, 0 errors.


	Checking the version of the nameserver they appear to be running 
(on the one machine that appears to be functioning correctly at the 
moment), I see:

% dig @REDGATE.YELLOWPAGES.CO.UK. chaos txt version.bind

; <<>> DiG 9.1.2 <<>> @REDGATE.YELLOWPAGES.CO.UK. chaos txt version.bind
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9220
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
VERSION.BIND.           0       CH      TXT     "BIND 8.1.2"

;; Query time: 83 msec
;; SERVER: 194.74.151.200#53(REDGATE.YELLOWPAGES.CO.UK.)
;; WHEN: Thu Aug  2 15:46:49 2001
;; MSG SIZE  rcvd: 65

	This is not a guarantee that they are actually running this 
particular version of BIND, but if they are, then they are subject to 
a whole host of bugs, attacks (including root exploits), etc....


	Finally, for anyone who is interested, here is the complete copy 
I got of the yell.com zone:

% dig @redgate.yellowpages.co.uk. yell.com. axfr
; <<>> DiG 9.1.2 <<>> @redgate.yellowpages.co.uk. yell.com. axfr
;; global options:  printcmd
yell.com.               10      IN      SOA     redgate.yellowpages.co.uk. postmaster.yellowpages.co.uk. 2001080201 28800 7200 864000 10
yell.com.               10      IN      NS      redgate.yellowpages.co.uk.
yell.com.               10      IN      NS      redgate2.yellowpages.co.uk.
yell.com.               10      IN      MX      30 relay2.bt.net.
yell.com.               10      IN      MX      10 mailhub1.yellgroup.com.
yell.com.               10      IN      MX      20 smail.yellowpages.co.uk.
yell.com.               10      IN      MX      30 relay1.bt.net.
images.yell.com.        10      IN      CNAME   search.yell.com.
redgate.yell.com.       10      IN      A       194.74.151.200
ukmaps.yell.com.        10      IN      CNAME   search.yell.com.
ag.yell.com.            10      IN      A       194.72.108.43
finance.yell.com.       10      IN      A       195.92.244.173
travel-guides.yell.com. 10      IN      A       195.92.253.227
www.travel-guides.yell.com. 10  IN      A       195.92.253.227
wap.yell.com.           10      IN      A       194.72.108.2
ypftp2.yell.com.        10      IN      A       194.72.109.100
sites.yell.com.         10      IN      A       194.72.108.10
internet-gw.yell.com.   10      IN      A       194.74.151.193
gatekeeper.yell.com.    10      IN      A       194.72.108.2
search2.yell.com.       10      IN      A       194.72.108.40
uslocal.yell.com.       10      IN      CNAME   web.elocal.com.
websearch.yell.com.     10      IN      A       194.72.108.20
uk.yell.com.            10      IN      A       194.72.108.2
greengate.yell.com.     10      IN      A       194.72.108.1
us.yell.com.            10      IN      A       217.33.38.2
us.yell.com.            10      IN      A       194.72.109.101
maps.us.yell.com.       10      IN      A       194.72.108.167
offer.yell.com.         10      IN      A       195.224.167.4
uk2.yell.com.           10      IN      A       194.72.108.10
echannel.yell.com.      10      IN      A       194.72.108.9
www.yell.com.           10      IN      A       194.72.108.2
www.yell.com.           10      IN      A       217.33.39.103
awards.yell.com.        10      IN      A       195.8.71.92
banners.yell.com.       10      IN      A       194.72.108.245
search.yell.com.        10      IN      A       194.72.108.35
target.yell.com.        10      IN      A       194.72.108.22
yell.com.               10      IN      SOA     redgate.yellowpages.co.uk. postmaster.yellowpages.co.uk. 2001080201 28800 7200 864000 10
;; Query time: 167 msec
;; SERVER: 194.74.151.200#53(redgate.yellowpages.co.uk.)
;; WHEN: Thu Aug  2 15:58:34 2001
;; XFR size: 38 records


	These problems appear to me to be serious enough that I have 
carbon-copied the appropriate registered administrative addresses for 
the domain, and for the network block.

-- 
Brad Knowles, <brad.knowles at skynet.be>
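
The zone-level warnings in the DNS Expert report above (SOA TTL and Minimum outside 3600 - 172800, several A records sharing one address, MX records with the same preference, no A record with the zone name) can be re-checked against `dig ... axfr` output with a short script. This is an added example, not part of the original post or of any tool it mentions; the zone data is constructed, and `parse_records` and `lint_zone` are hypothetical names.

```python
from collections import defaultdict

# Range the DNS Expert report recommends for the SOA TTL and Minimum fields.
TTL_MIN, TTL_MAX = 3600, 172800

# Constructed sample in dig AXFR presentation format. example.test and
# 192.0.2.0/24 are reserved documentation values, not data from the post.
SAMPLE_AXFR = """\
; <<>> constructed sample <<>>
example.test.      10 IN SOA ns1.example.test. hostmaster.example.test. 2001080201 28800 7200 864000 10
example.test.      10 IN NS  ns1.example.test.
example.test.      10 IN MX  10 mail.example.test.
example.test.      10 IN MX  30 relay1.example.net.
example.test.      10 IN MX  30 relay2.example.net.
www.example.test.  10 IN A   192.0.2.2
wap.example.test.  10 IN A   192.0.2.2
mail.example.test. 10 IN A   192.0.2.25
example.test.      10 IN SOA ns1.example.test. hostmaster.example.test. 2001080201 28800 7200 864000 10
"""

def parse_records(text):
    """Yield (name, ttl, rtype, rdata_fields) for each 'name ttl class type rdata' line."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, dig comment lines and anything without a numeric TTL.
        if len(fields) < 5 or line.startswith(";") or not fields[1].isdigit():
            continue
        yield fields[0].lower(), int(fields[1]), fields[3].upper(), fields[4:]

def lint_zone(text):
    """Return a sorted list of warning strings for the zone transfer in `text`."""
    warnings = set()              # a set, because AXFR output repeats the SOA
    zone = None
    a_names = set()
    by_addr = defaultdict(set)    # address -> owner names
    by_pref = defaultdict(set)    # (owner, MX preference) -> exchangers
    for name, ttl, rtype, rdata in parse_records(text):
        if rtype == "SOA" and len(rdata) == 7:
            zone = name
            for label, value in (("TTL", ttl), ("Minimum", int(rdata[6]))):
                if not TTL_MIN <= value <= TTL_MAX:
                    warnings.add(f"SOA {label} {value} outside {TTL_MIN}-{TTL_MAX}")
        elif rtype == "A":
            a_names.add(name)
            by_addr[rdata[0]].add(name)
        elif rtype == "MX" and len(rdata) == 2:
            by_pref[(name, int(rdata[0]))].add(rdata[1].lower())
    for addr, names in by_addr.items():
        if len(names) > 1:
            warnings.add(f"{addr} is used by more than one A record: {', '.join(sorted(names))}")
    for (owner, pref), hosts in by_pref.items():
        if len(hosts) > 1:
            warnings.add(f"MX preference {pref} at {owner} shared by: {', '.join(sorted(hosts))}")
    if zone and zone not in a_names:
        warnings.add(f"no A record with the zone name {zone}")
    return sorted(warnings)

if __name__ == "__main__":
    for warning in lint_zone(SAMPLE_AXFR):
        print("WARN:", warning)
```
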


